robbat2
Repos: 99
Followers: 53
Following: 26

Events

issue comment
Add autoignoreprefixes option to interface options

I'm not sure about the design here. I think the ::/64 selected from a positive list of larger networks would likely be better than the negative list of prefixes to ignore.

In your case, it's ::/64 inside 2001:db8:1::/48

Created at 3 weeks ago
opened issue
mox3 archived & deprecated upstream, please update tests to not use it

mox3 is no longer available upstream and does not support python 3.9 or newer, so nsscache cannot be tested with newer python3

https://opendev.org/openstack/mox3/src/branch/master/README.rst

Please update the tests to use something else, so it can be tested.

Created at 3 weeks ago

scanner: make config case-insensitive

Make radvd easier to configure by accepting any case of config options.

Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
Reference: https://github.com/radvd-project/radvd/pull/184

AdvValidLifetime: option was duplicated with different cases

Both AdvValidLifeTime and AdvValidLifetime were in the config, leading to user confusion. With the caseless option in place, the dual variables are no longer.

Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
Closes: https://github.com/radvd-project/radvd/pull/184

radvd.conf.5.man: document case insensitive.

Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
Reference: https://github.com/radvd-project/radvd/pull/184

Merge pull request #187 from robbat2/robbat2/no-case

Make configuration case insensitive

Created at 3 weeks ago
pull request closed
Make configuration case insensitive

Fixes the issue with AdvValidLifetime and AdvValidLifeTime depending on which section of the configuration you're in, and makes it easier to use.

Closes: https://github.com/radvd-project/radvd/pull/184

Created at 3 weeks ago
issue comment
Add missing configure check for AM_PROG_AR

Thanks, running CI on this before merge

Created at 3 weeks ago
issue comment
radvd sends out RAs to wrong interface

No response for 6 months, closing.

Created at 4 weeks ago
closed issue
radvd sends out RAs to wrong interface

I'm using radvd on an openvpn tap interface. When the vpn server is restarted, the tap interface goes down and up, and radvd starts advertising on the lan interface:

root@host:~# radvdump
#
# radvd configuration generated by radvdump 1.8.5
# based on Router Advertisement from fe80::81:37
# received by interface eth0
#
interface eth0
{
        AdvSendAdvert on;
        # Note: {Min,Max}RtrAdvInterval cannot be obtained with radvdump
        AdvManagedFlag off;
        AdvOtherConfigFlag off;
        AdvReachableTime 0;
        AdvRetransTimer 0;
        AdvCurHopLimit 64;
        AdvDefaultLifetime 1800;
        AdvHomeAgentFlag off;
        AdvDefaultPreference high;
        AdvSourceLLAddress on;

        prefix 2001:db8:8081:3701::/64
        {
                AdvValidLifetime 86400;
                AdvPreferredLifetime 14400;
                AdvOnLink on;
                AdvAutonomous on;
                AdvRouterAddr off;
        }; # End of prefix definition

}; # End of interface definition

tcpdump -i eth0 confirms this:

08:30:11.987462 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 56) fe80::81:37 > ip6-allnodes: [icmp6 sum ok] ICMP6, router advertisement, length 56
        hop limit 64, Flags [none], pref high, router lifetime 1800s, reachable time 0s, retrans time 0s
          prefix info option (3), length 32 (4): 2001:db8:8081:3700::/64, Flags [onlink, auto], valid time 86400s, pref. time 14400s
          source link-address option (1), length 8 (1): fa:c7:02:73:4a:1e

The radvd config contains only the openvpn interface:

# cat /etc/radvd.conf
interface tap-vpn
{
   AdvSendAdvert on;
   AdvDefaultPreference high;
   prefix 2001:db8:8081:3701::/64
   {
   };
};

The monitoring confirms that the issue appeared at the exact moment when the vpn server was restarted.

My openvpn config has the 'persist-tun' option, so the tap interface is in fact not destroyed but goes down.

Created at 4 weeks ago
issue comment
radvd exits on too many addresses in RDNSS section

Patch welcome to change rdnss->AdvRDNSSAddr[123] into an array or linked list instead of three addresses only.

The three addresses come from earlier RFCs that have been superseded now.

Created at 4 weeks ago
issue comment
Fix case of AdvValidLifetime option

Have a look at https://github.com/radvd-project/radvd/pull/187 that should supersede your PR.

Created at 4 weeks ago
pull request opened
Make configuration case insensitive

Fixes the issue with AdvValidLifetime and AdvValidLifeTime depending on which section of the configuration you're in, and makes it easier to use.

Closes: https://github.com/radvd-project/radvd/pull/184

Created at 4 weeks ago
create branch
robbat2 create branch robbat2/no-case
Created at 4 weeks ago
issue comment
[FEATURE REQUEST] Option "auto" for AdvValidLifetime and AdvPreferredLifetime

Can you expand on the intended behavior please?

  • How should radvd identify which IP was assigned by DHCPv6 client? By client, by interface, some other way?
  • Does this matter if there are multiple different links? (e.g. getting different RAs on different links on the host)
  • Does it require integrations with specific DHCPv6 clients? Which clients?
  • What logic should that auto have for lifetime values?
  • DecrementLifetimes on should already cap the lifetimes to whatever is present on the system, so how does your request differ from that?
  • AdvValidLifetime & AdvPreferredLifetime are prefix-specific options, and if your prefix is very dynamic, are you using the special prefix of ::/64 or some other scheme? (e.g. Ubiquiti edgerouters rewrite the radvd config).
Created at 4 weeks ago
Error when using HTTP2 for AWS S3 request

Hi,

Just wanted to leave an update here. There turns out to be some gotchas in the "easy" server-side fix I was proposing: https://github.com/ceph/ceph/pull/47773

That needs other changes to ensure security still functions as expected. So it's not going to be as quick as I'd hoped.

Created at 4 weeks ago

Fix preferred lifetime exceeding valid lifetime error messages

Merge pull request #181 from initramfs/fix-lifetime-error-msg

Fix error message for preferred lifetime exceeding valid lifetime

Created at 1 month ago
pull request closed
Fix error message for preferred lifetime exceeding valid lifetime

The displayed error message when a prefix's preferred lifetime exceeds its valid lifetime begins with:

AdvValidLifeTime must be greater than AdvPreferredLifetime...

this is inconsistent with RFC 4861 § 4.6.2 where the preferred lifetime cannot exceed valid lifetime but can equal it.

The actual code/logic exhibits correct behaviour but the error message is misleading, and has led to at least one incorrect implementation utilizing radvd (VyOS, see relevant implementation error here).

This PR adds the text "or equal to" to the error message to clarify the true constraint, such that the error now starts with:

AdvValidLifeTime must be greater than or equal to AdvPreferredLifetime...

Created at 1 month ago

ci: Update the FreeBSD GitHub action to use macOS 12 instead of macOS 10.15.

GitHub warned that macOS 10.15 support will be removed at the end of August.

Signed-off-by: RICCIARDI-Adrien <adrien.ricciardi@hotmail.fr>

Merge pull request #183 from RICCIARDI-Adrien/update_freebsd_ci

CI: Updated the FreeBSD GitHub action to use macOS 12

Created at 1 month ago
pull request closed
CI: Updated the FreeBSD GitHub action to use macOS 12

GitHub warned that macOS 10.15 support will be removed at the end of August (see https://github.com/actions/runner-images/issues/5583).

Created at 1 month ago
issue comment
Fix case of AdvValidLifetime option

How about making the code be case-insensitive for this?

Created at 1 month ago
opened issue
gopass totp disabled terminal echo

Summary

After running gopass totp ..., and ctrl-c to exit, terminal input is hidden, because echo was disabled.

Steps To Reproduce

  • Run gopass totp ...
  • Use Ctrl-C to exit
  • Try to type something
  • Input is not displayed on the terminal

Note:

  • If q is used to exit, then the terminal input IS correctly displayed.

Expected behavior

  • Terminal input should be displayed in both cases.
  • Terminal echo should be re-enabled as soon as gopass has decrypted the secret, long before doing anything else.

Environment

  • OS: Gentoo Linux
  • OS version: Linux REDACTED 5.18.15-gentoo-dist #1 SMP PREEMPT_DYNAMIC Fri Jul 29 22:03:23 -00 2022 x86_64 Intel(R) Core(TM) REDACTED GenuineIntel GNU/Linux
  • gopass Version: 1.14.4
  • Installation method: distro package manager
Created at 1 month ago
issue comment
EAPI6--

+1 for mirdir

Created at 1 month ago
create branch
robbat2 create branch rjohnson/main-rgw-s3-v4
Created at 1 month ago
create branch
robbat2 create branch HEAD
Created at 1 month ago
create branch
robbat2 create branch rjohnson/octopus-rgw-s3-v4
Created at 1 month ago
create branch
robbat2 create branch rjohnson/pacific-rgw-s3-v4
Created at 1 month ago
pull request opened
rgw: remove v4 signature special cases

V4 Signatures can be used with "Transfer-Encoding: chunked", which is not the same as AWS V4 CHUNK encoding.

TE:Chunked is not detected as empty payload in the present case, and worked correctly if the operation was already in the large switch statement. Other operations not in the switch statement were wrongly rejected as NotImplemented, when they certainly were (e.g. DeleteObject). TE:Chunked is important because it's a trivial transform from HTTP/2 framing, opening the door to easier HTTP/2 functionality.

Signed-off-by: Robin H. Johnson <rjohnson@digitalocean.com>
(cherry picked from commit 2453b7255c7314cbf751cd4dd77a15cf29034453)

Created at 1 month ago
pull request opened
rgw: remove v4 signature special cases

V4 Signatures can be used with "Transfer-Encoding: chunked", which is not the same as AWS V4 CHUNK encoding.

TE:Chunked is not detected as empty payload in the present case, and worked correctly if the operation was already in the large switch statement. Other operations not in the switch statement were wrongly rejected as NotImplemented, when they certainly were (e.g. DeleteObject). TE:Chunked is important because it's a trivial transform from HTTP/2 framing, opening the door to easier HTTP/2 functionality.

Signed-off-by: Robin H. Johnson <rjohnson@digitalocean.com>
(cherry picked from commit 2453b7255c7314cbf751cd4dd77a15cf29034453)

Created at 1 month ago
pull request opened
rgw: remove v4 signature special cases

V4 Signatures can be used with "Transfer-Encoding: chunked", which is not the same as AWS V4 CHUNK encoding.

TE:Chunked is not detected as empty payload in the present case, and worked correctly if the operation was already in the large switch statement. Other operations not in the switch statement were wrongly rejected as NotImplemented, when they certainly were (e.g. DeleteObject). TE:Chunked is important because it's a trivial transform from HTTP/2 framing, opening the door to easier HTTP/2 functionality.

Signed-off-by: Robin H. Johnson <rjohnson@digitalocean.com>
(cherry picked from commit 2453b7255c7314cbf751cd4dd77a15cf29034453)

Created at 1 month ago